HOW TO: Create a new user and add it to a role on an ESXi host.

This script creates a new user and adds the user to a role on the ESX host:

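# Placeholders: replace before running. Do not leave a real password in a saved copy of this script.
$NewUser = '_New_user_name_'
$NewUserPassword = '_New_user_Password_'
$NewUserDesc = '_New_user_description_'
# Prompts for the root password of the host.
$HOSTCredentials = Get-Credential -Credential root
$ESXhost = '_My_ESX_HOST_'

Connect-VIServer $ESXhost -Credential $HOSTCredentials
# Create the local account on the host and put it in the "users" group.
New-VMHostAccount -Id $NewUser -Password $NewUserPassword -Description $NewUserDesc -UserAccount -Server $ESXhost -AssignGroups users
$AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
# ha-folder-root is the root folder of a standalone host; a permission set here can propagate to everything below it.
$Entity = Get-Folder ha-folder-root | Get-View
$Perm = New-Object VMware.Vim.Permission
$Perm.entity = $Entity.MoRef
# The principal is a single user, not a group.
$Perm.group = $false
$Perm.principal = $NewUser
$Perm.propagate = $true
# You can either specify roleID or use the line below if you know the role name.
# $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "ReadOnly"}).RoleId
$Perm.roleId = "-2"
# Apply the permission; without this call the role is never assigned.
$AuthMgr.SetEntityPermissions($Entity.MoRef, $Perm)

Disconnect-VIServer -Server $ESXhost -Confirm:$false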

Here is the list of common roles / role IDs:

RoleName                     Label                                    RoleId
--------                     -----                                    ------
NoAccess                     No access                                -5
Anonymous                    Anonymous                                -4
View                         View                                     -3
ReadOnly                     Read-only                                -2
Admin                        Administrator                            -1
VirtualMachinePowerUser      Virtual machine power user (sample)      4
VirtualMachineUser           Virtual machine user (sample)            5
ResourcePoolAdministrator    Resource pool administrator (sample)     6
VMwareConsolidatedBackupUser VMware Consolidated Backup user (sample) 7
DatastoreConsumer            Datastore consumer (sample)              8
NetworkConsumer              Network consumer (sample)                9

For the full list of roles in your environment, use this script:

$report = @()
$authMgr = Get-View AuthorizationManager
foreach ($role in $authMgr.RoleList) {
    # One row per role: internal name, display label and numeric ID.
    $row = "" | Select RoleName, Label, RoleId
    $row.RoleName = $role.Name
    $row.Label = $role.Info.Label
    $row.RoleId = $role.RoleId
    $report += $row
}
# Output the collected rows.
$report
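
To confirm the assignment took effect and that the new account received only the intended role, the permissions on the host root can be read back and their role IDs resolved to names. This is an added example, not part of the original post: Get-PermissionReport is a hypothetical helper, the sample objects are constructed, and the live-host call to RetrieveEntityPermissions is shown in comments.

```powershell
# Added example: resolve each permission's RoleId to a role name and flag Administrator grants.
function Get-PermissionReport {
    param(
        [Parameter(Mandatory)] [object[]] $Permissions,  # VMware.Vim.Permission objects, or look-alikes
        [Parameter(Mandatory)] [object[]] $RoleList      # $AuthMgr.RoleList, or look-alikes
    )
    # Build a RoleId -> Name lookup once.
    $roleNames = @{}
    foreach ($role in $RoleList) { $roleNames[[int]$role.RoleId] = $role.Name }

    foreach ($perm in $Permissions) {
        $id = [int]$perm.RoleId
        [pscustomobject]@{
            Principal = $perm.Principal
            IsGroup   = [bool]$perm.Group
            RoleId    = $id
            RoleName  = if ($roleNames.ContainsKey($id)) { $roleNames[$id] } else { '<unknown>' }
            Propagate = [bool]$perm.Propagate
            IsAdmin   = ($id -eq -1)   # -1 is Admin in the role table above
        }
    }
}

# Constructed sample data (not from a real host), shaped like the API objects.
$sampleRoles = @(
    [pscustomobject]@{ Name = 'ReadOnly'; RoleId = -2 }
    [pscustomobject]@{ Name = 'Admin';    RoleId = -1 }
)
$samplePerms = @(
    [pscustomobject]@{ Principal = 'root';            Group = $false; RoleId = -1; Propagate = $true }
    [pscustomobject]@{ Principal = '_New_user_name_'; Group = $false; RoleId = -2; Propagate = $true }
)
Get-PermissionReport -Permissions $samplePerms -RoleList $sampleRoles | Format-Table -AutoSize

# Against a live host (while still connected), feed it the real objects:
# $AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
# $Entity  = Get-Folder ha-folder-root | Get-View
# $perms   = $AuthMgr.RetrieveEntityPermissions($Entity.MoRef, $true)
# Get-PermissionReport -Permissions $perms -RoleList $AuthMgr.RoleList |
#     Where-Object { $_.Principal -eq $NewUser -or $_.IsAdmin }
```

Any row with IsAdmin set for a principal other than the expected administrators is worth reviewing before the account is handed out.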
